Download GlobalSign Partners

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
Transcript 
Technical Resources
GlobalSign Partners
Digital Certificate Reseller Quick Start Guide
Using your GCC Partner Account
to Resell SSL & Client Certificates Effectively
v3.1
TABLE OF CONTENTS
Logging In .................................................................................................................................................................................................. 4
Available Products ................................................................................................................................................................................... 4
SSL Certificates .................................................................................................................................................................................... 4
OneClickSSL Vouchers ........................................................................................................................................................................ 4
Client Certificates................................................................................................................................................................................ 4
Pricing, Payment Options & Billing ....................................................................................................................................................... 5
Discount Structure & Getting The Best Discounts ........................................................................................................................ 5
Payment Options – Pay As You Go .................................................................................................................................................. 6
Unlimited Licensing........................................................................................................................................................................ 6
Pay As You Go - Payment by Credit Card ................................................................................................................................... 6
Pay As You Go - Payment by Monthly Invoicing....................................................................................................................... 6
Pay As You Go - Payment Upfront............................................................................................................................................... 6
Payment Options – Bulk Orders / Depositing Funds into Account ............................................................................................ 6
Create Bulk Order........................................................................................................................................................................... 7
Add Deposit..................................................................................................................................................................................... 7
How to Pay for your Bulk Order / Add Deposit Amount ......................................................................................................... 8
Ordering SSL Certificates ........................................................................................................................................................................ 8
Complete a Full Application.............................................................................................................................................................. 9
Adding Subject Alternative Names (SANs) ................................................................................................................................... 12
Using OneClickSSL ............................................................................................................................................................................. 13
Types of OneClickSSL Vouchers ................................................................................................................................................. 14
Payment for OneClickSSL Vouchers .......................................................................................................................................... 14
Obtaining a OneClickSSL Single Site Voucher .......................................................................................................................... 15
Initiate a Cert-Invite.......................................................................................................................................................................... 15
Managing Existing Customers: SSL Cer tificate Applications .......................................................................................................... 16
Viewing Outstanding & Completed Orders.................................................................................................................................. 16
Cancelling a Cert-Invite PIN............................................................................................................................................................. 16
Cancelling an Order .......................................................................................................................................................................... 16
Resending an Approver Email......................................................................................................................................................... 17
Reissuing an SSL Certificate............................................................................................................................................................. 17
Renewing an SSL Cer tificate............................................................................................................................................................ 17
Revoking an SSL or Client Certificate............................................................................................................................................. 17
2
Ordering Client Certificates.................................................................................................................................................................. 18
1a) Method – Allowing Customers to Order Directly................................................................................................................. 19
1b) Method - Ordering on Behalf of a Customer ........................................................................................................................ 21
Essential Workflow Points to Note ................................................................................................................................................ 23
Managing Existing Customers: Client Certificate Applications ...................................................................................................... 24
Viewing Outstanding & Completed Orders.................................................................................................................................. 24
Cancelling an Order .......................................................................................................................................................................... 24
Resending an Approver Email for Appropriate Client Certificates........................................................................................... 24
Reissuing a Client Certificate .......................................................................................................................................................... 25
Renewing a Client Certificate.......................................................................................................................................................... 25
Account Wide Functions....................................................................................................................................................................... 25
Creating / Managing Users.............................................................................................................................................................. 25
User Roles ...................................................................................................................................................................................... 25
Creating New Users and Understanding User Administration Rights ................................................................................ 26
GlobalSign SSL API.................................................................................................................................................................................. 26
Creating Second Tier Sub-Resellers .................................................................................................................................................... 26
Getting Help ............................................................................................................................................................................................ 26
3
LOGGING IN
Once your Partner Account has been approved, you can log into the GlobalSign Certificate Center (GCC) and start reselling
GlobalSign SSL and Client Certificates straight away.
Go to www.globalsign.com and click Log In.
Enter your User ID and Password. Your User ID is the PARXXXX_xxxxx number given to you at the end of the Partner Signup;
you can also find it in your Welcome Email. Your Password is the password you entered during the Partner Signup.
If you have difficulties logging in, or forget your password please contact Support at: www.globalsign.com/support.
AVAILABLE PRODUCTS
SSL CERTIFICATES
SSL Certificates encrypt the connection between server and browser, or between web services using https. Reselling SSL is
ideal for any company providing web services such as hosting, ecommerce services, domain sales etc. For more details on
SSL visit www.globalsign.com/ssl
ONECLICKSSL VOUCHERS
OneClickSSL Vouchers can be redeemed by OneClickSSL plug-ins for cPanel, Parallels Plesk, IIS and Apache. OneClickSSL
enables hosting companies to replace the traditional SSL lifecycle process with a fully automated and significantly simplified
SSL activation process. More details are available at http://www.globalsign.com/ssl/oneclickssl/
CLIENT CERTIFICATES
Client Certificates are the group name given to Digital Certificates issued to people or companies for the specific use of
email security, authentication to online resources and application of digital signatures to applications (code) and electronic
documents (Adobe PDF and Microsoft Office files). For more details on Client Certificates please visit:
4
•
PersonalSign Digital Certificatess for email signing and encryption, two factor authentication, and digital signatures
for Microsoft Office documents
www.globalsign.com/personalsign/
•
Code Signing Digital Certificates for application signing
www.globalsign.com/code-signing/
•
PDF Signing Certificate for Adobe PDF signing
www.globalsign.com/pdf-signing/
PRICING, PAYMENT OPTIONS & BILLING
DISCOUNT STRUCTURE & GETTING THE BEST DISCOUNTS
All Partners buy GlobalSign Digital Certificates at a discount. You can resell the certificates to your customers through your
own website or web services at your desired price and make margin on every certificate you sell. Alternatively you could
add certificates as a value added offering to your current product packages. The higher you sell the certificate or the higher
your discount, the more margin you make.
The discount levels are set by the level of funds put into your Account. All Partners initially have the default level of
discount, detailed as Rank 1 in the example table below, and receive this discounted pricing every time they purchase a
certificate using the Pay As You Go (no commitment to methods of payment – see Payment Options – Pay As You Go
section of this Quick Start Guide). This means you can buy at a discount without committing any funds to your account,
however in order to obtain higher discounts you must bulk purchase / deposit funds directly into your account.
Discount levels displayed are discounts of standard Pay As You Go pricing and not the SRP (Standard Retail
Price) of GlobalSign SSL. For the SRP of the SSL Certificates you are reselling please visit the SSL
The below example discount structure shows how the discount structure operates.
Certificates section of your regional GlobalSign website.
Bulk purchase
Discount off PAYG
pricing
pricing
$180.00
$180.00
0%
2
$900.00
$785.00
12%
3
$1,800.00
$1,250.00
30%
4
$3,600.00
$2,400.00
33%
5
$7,200.00
$4,400.00
38%
Rank
PAYG pricing
1
Example discount pricing. Actual pricing may vary.
Rank 1 is standard Pay As You Go pricing – the base discount level. In this example, to progress to Rank 2 you would need
to add $785 to your account, thereby automatically giving you a 12% discount over the standard PAYG pricing. Once you’ve
created bulk contracts / deposited enough funds to elevate you to a higher Rank, you stay on that rank for a 12 month
period. If you create any further bulk contracts / deposit additional funds during the 12 month period, the discount period
5
is automatically extended by 12 months. In other words, as long as you create bulk contracts / deposit additional funds
before the 12 month period expires, you will maintain your current discount rank.
The process of upgrading your rank (and hence discount) is automatic (alternatively contact your Account Manager) and
can be completed from within your account as described in the Payment Options – Bulk Orders / Depositing Funds into
Account section of this Quick Start Guide.
PAYMENT OPTIONS – PAY AS YOU GO
You may choose to use Unlimited Licensing, Pay As You Go (PAYG) each time you purchase a certificate. When using PAYG
you will only receive Rank 1 discount levels. You have the option to pay in one of three ways – Credit Card, Bank Transfer
(monthly invoicing in arrears) or Bank Transfer (payment upfront).
UNLIMITED LICENSING
This option allows the reseller to resell an unlimited number of certificates during the ter m of the agreement. Unlimited
Licensing is only available by speaking directly to your Account Manager.
PAY AS YOU GO - PAYMENT BY CREDIT CARD
Each certificate is paid for by Credit Card (in real time) at the point of the cer tificate being issued. If you want to use Credit
Card PAYG to buy a cer tificate make sure to select Credit Card as the Payment Option at the payment point when ordering
certificates. Note: you receive PAYG pricing (Rank 1) when buying certificates using this method.
PAY AS YOU GO - PAYMENT BY MONTHLY INVOICING
GlobalSign awards you a credit level as agreed with your Account Manager and you can buy as many certificates using the
credit you have on account. At the end of the month GlobalSign will invoice you for all certificates issued during the
calendar month. If you wish to be invoiced monthly select Bank Transfer – Payment in Arrears as the Payment Option at
the payment point when ordering certificates. Note: you receive PAYG pricing (Rank 1) when buying certificates using this
method.
PAY AS YOU GO - PAYMENT UPFRONT
GlobalSign will only add the deposit amount funds to the account once the funds are transferred by your purchasing
department directly to the GlobalSign bank account. Note: you receive PAYG pricing (Rank 1) when buying certificates using
this method.
PAYMENT OPTIONS – BULK ORDERS / DEPOSITING FUNDS INTO ACCOUNT
Using the Deposit Funds option gives you the best discounts. To be able to pay for certificates using deposited funds you
must first deposit funds into your account by clicking Create Bulk Order or Add Deposit in the Account and Finance tab:
6
OR
CREATE BULK ORDER
This section allows to you add the exact funds required for a particular order. Click Create Bulk Order under the Account
and Finance tab and select the product, validity period, and options and click Add. Repeat until you have added all the
products you require for a particular order. As you add products the total Deposit needed will be added up. If the total
Deposit needed exceeds a Rank Level, you will be promoted to the next Rank Level where you will enjoy higher discounts.
ADD DEPOSIT
Click Add Deposit under the Account and Finance tab and enter the specific amount of funds you wish to add to your
account. If the total Deposit needed exceeds a Rank Level, you will be promoted to the nex t Rank Level where you will
enjoy higher discounts.
7
HOW TO PAY FOR YOUR BULK ORDER / ADD DEPOSIT AMOUNT
Complete either a Create Bulk Order or Add Deposit as detailed above and click Purchase to add the funds to your account.
You have the choice of three payment types to settle the deposit amount.
•
Bank Transfer – Advanced Payment
Select for an invoice to automatically appear in the Accounting / Billing > View / Request Invoices section that
can be printed and submitted to your purchasing department. GlobalSign will only add the deposit amount
funds to the account once the funds are transferred by your purchasing department directly to the GlobalSign
bank account.
•
Bank Transfer – Post Payment (PO Payment)
Select to request the deposit amount funds are settled within the standard payment ter ms. GlobalSign must
authorize the credit level (deposit amount funds) before the funds can be used. At the end of the calendar
month an invoice will automatically appear in the View / Request Invoices section under the Account and
Finance tab.
•
Credit Card
You will be asked to provide credit card details to be charged befor e the Deposit amount is added. The credit
card is charged immediately.
When buying certificates using the funds you have deposited, make sure to select Deposit as the Payment Option at the
payment point when ordering certificates.
ORDERING SSL CERTIFICATES
When you are ready to order an SSL Certificate on behalf of a customer you have two methods of placing an order. You can
place the order yourself by completing a full application or you can create a Cert-Invite.
Make sure that you are in the SSL section by clicking the SSL Certificates Tab on your GCC landing page:
8
COMPLETE A FULL APPLICATION
This method requires you to enter all the information needed to issue the SSL Certificate, including the CSR and company
information.
1.
2.
Click Buy New Certificate on the landing page dashboard.
On the Certificate Application page specify the order details:
a. In Products, select the SSL Certificate type – AlphaSSL, DomainSSL, OrganizationSSL or ExtendedSSL.
b.
c.
d.
e.
f.
g.
If you have any promotional codes from GlobalSign, enter them next.
Specify if the SSL Certificate is Single Domain or will any Wildcard SSL (AlphaSSL, DomainSSL or
OrganizationSSL only) or Public IP options (OrganizationSSL only).
Specify the validity period – 1-5 years for AlphaSSL, DomainSSL and OrganizationSSL and 1-2 years for
ExtendedSSL.
Specify whether the certificate is to have free Unified Communications support for the OWA, mail and
Autodiscover subdomains (DomainSSL, OrganizationSSL, and ExtendedSSL only).
Specify whether the certificate is to have Subject Alternative Name (SAN) options (see below for further
details on SANs) (DomainSSL, OrganizationSSL, and ExtendedSSL only).
Select whether you are Switching from a Competitor. Selecting the right option ensures you get the best
deal. If you are switching from a competitor we will automatically query the site holding the competitor’s
certificate and add any time left on that certificate to the replacement. If we cannot automatically find
9
the competitor’s certificate online, you have the opportunity to manually copy and paste the certificate
into a text box.
If you choose Yes, you may choose that 30 addition bonus days are added to the expiration date free of
charge.
h.
3.
Select whether it’s a New Certificate order or Renewal. If renewing you must enter the original Order
Number or Certificate to help us expedite the renewal process.
On the Product Point of Cont act for Certificate Delivery / Vetting Issues page enter the details of the person to be
associated with the order. The person enter ed her e can receive the actual SSL Certificate and the Certificate
Renewal Notices. If you have registered other Users for the account you can select the User from the drop down
list and click Auto Fill (see section Creating / Managing Users) to avoid filling in this form for every order.
Alternatively you can specify new contact details, for example the actual customer – but only do this if you want
GlobalSign to send the SSL Certificate and Certificate Renewal Notices directly to your customer.
• Note: GlobalSign does not include any pricing information in any communications with your end
customer.
•
•
Note: Check the box Set Point of Contact to have the SSL Certificate and Certificate Renewal Notices
sent to User you have just specified. If you do not check this box, the SSL Certificate will only be sent
to you.
nd
Note: You may specify an additional 2 contact to just receive the Issued Certificate and Renewal
Notices if you wish.
10
4.
On the Product Application CSR Entry Page copy and paste the CSR (Certificate Signing Request) into the text box.
The CSR will be decoded and you will be given the option to fix any errors manually.
For AlphaSSL and DomainSSL you have two CSR related options:
•
Enter CSR: copy and paste the Certificate Signing Request created on the customer’s web server into the
box.
•
Use OneClickSSL: if your customer is using a OneClickSSL plug-in for cPanel, Parallels Plesk, IIS or Apache,
you can use this function to create a redeemable OneClickSSL Voucher. Rather than the system providing
a certificate at the end of the application, it will provide a OneClickSSL Voucher which is mapped to a
particular order.
5.
If the certificate order is for a DomainSSL you will be taken to the Approver Em ail page. Select the most
appropriate email address that GlobalSign can send the Approver Email. This email is sent to the WHOIS domain
contact or one of the generic email addresses used by domain administrators. The email contains a link to
“Approve” the application, and unless the link is followed and the I APPROVE button is clicked, the certificate will
not be issued. Note: if you do not see an appropriate email address, select any and then contact Support for
advice on how best to continue.
6.
If the certificate order is for OrganizationSSL you will be taken to the OrganizationSSL Application Seal Profile
Information Entry page. This page captures the company details of the customer (not you the r eseller) and will be
vetted by the appropriate regional GlobalSign vetting team. Ensure you enter accurate information to avoid delays
in the vetting process.
7.
Choose your payment method:
11
a.
Deposit – the fee for the c ertificate will be deducted from your Deposit balance (see the Payment Options
– Bulk Orders / Depositing Funds into Account section of this Quick Start Guide).
Alternatively you may use one of the Pay As You Go payment methods (see the Payment Options – Pay As You Go
section of this Quick Start Guide):
b.
Bank Transfer –
i. Payment in Advance : Select for an invoice to automatically appear in the View / Request
Invoices section under the Account and Finance tab. This invoice can be printed and submitted
to your purchasing department. GlobalSign will only issue the c ertificate once the funds are
transferred by your purchasing department directly to the GlobalSign bank account.
ii. Payment in Arrears: Select to request the deposit amount funds are settled within the standard
payment terms. At the end of the calendar month an invoice will automatically appear in the
View / Request Invoices section. Once you have settled the invoice your credit limit will return
to the previous limit level.
c.
Credit Card – you will be asked to provide credit card details to be charged before the c ertificate can be
issued. The credit card is charged automatically at the point of issuance.
Note: depending on your territory and account type, not all payment types will be available.
ADDING SUBJECT ALTERNATIVE NAMES (SANS)
Standard SSL Certificates secure a single Fully Qualified Domain Name. By adding SANs a single certificate can secure other
server “names” such as other domain names, subdomains, IP addresses and local host names. If selected you will enter the
SANs on the SANs page and the total cost of the cer tificate is then calculated. You may specify up to 100 SANs per
certificate. The types of SANs allowed depends on the certificate type:
•
•
•
DomainSSL - Unified Communications option or Subdomains
OrganizationSSL - Unified Communications option, Subdomains, Internal Hostnames or Internal IP Addresses,
different Fully Qualified Domain Names and Public IP Addresses.
ExtendedSSL - Unified Communications option, Subdomains, and different Fully Qualified Domain Names.
2.
Log into your GlobalSign Certificate Center (GCC) account and within the SSL Cer tificates tab select the ‘Find order
’icon or the ‘Search Order History’ link in the left column.
Provide an order number (case sensitive) or just click on “Search” to view all orders.
3.
Select the “Edit” button next to the certificate details.
1.
12
4.
Find and select the “Change SAN Option” button.
5.
Choose which type of SANs you wish to add from the form below:
6.
On the next page you will need to fill in your requested SANs. You will then be asked for payment details if
applicable. Once this is completed your order will have to be vetted. The technical contact on the account will
receive an email once the vetting process has been completed.
Note: Once you receive your new certificate you will need to reissue the certificate if you are using a Windows
server as well as various other servers. See the Reissuing an SSL Certificate section of this Quick Start Guide.
USING ONECLICKSSL
OneClickSSL is another GlobalSign innovation – designed to help hosting companies automate the entire SSL workflow,
including:
•
•
CSR generation
Private key generation
•
Right to use a domain
13
•
•
Receipt of issued certificate
Installation of certificate and installation of intermediate certificates
•
Binding of certificate to appropriate website
OneClickSSL plug-ins are available for a number of control panels and web servers, and Voucher provisioning is available
through a number of billing platforms. Please visit www.globalsign.com/ssl/oneclickssl for the latest integration news and
downloads. For mass deployment of plug-ins in your hosting environment, contact your Account Manager.
TYPES OF ONECLICKSSL VOUCHERS
Single Site Vouchers
Like standard SSL Certificates, Single Site Vouchers are provisioned through your GlobalSign Partner Account. . Partners can
obtain Vouchers either via the GlobalSign Voucher API or via their web console (GlobalSign Certificate Center or GCC).
Single Site Vouchers are tied to a specific product order for a specific dom ain on the GlobalSign system – essentially a
product configuration such as a 3 year DomainSSL certificate for www.domain.com. Single Site Vouchers can only be
redeemed once – if they are re-entered into the OneClickSSL plug-in, it will reissue the c ertificate with an unchanged
expiration date. Single Site Vouchers are designed to be redeemed by the end customer / server admin.
Supervouchers
Supervouchers are issued by GlobalSign to Partners. Partners cannot create Supervouchers directly. Supervouchers allow a
host to reuse the same voucher multiple times – and can be restricted by number of redemptions, time period and platform
or permitted IP range. Supervouchers are tied to a spe cific partner account for a specific product type and validity period
on the GlobalSign system. Supervouchers are designed to be r edeemed on behalf of the end customer / server admin and
allow the hosting company to “push” the Voucher to the plug-in, automating the redemption and hence SSL activation.
They should not be made public and are best used programmatically or internally by hosting companies.
Trial Vouchers
Trial Vouchers are identical to Supervouchers in terms of provisioning and customizable restrictions but are tied to
GlobalSign’s trial product range of short term certificate validity periods such as 30 day DomainSSL Certificates.
PAYMENT FOR ONECLICKSSL VOUCHERS
GlobalSign offers many ways for Partners to pay for Vouchers. Typically the cost of the Voucher will depend upon the
quantity or deal in place with the Partner. Note there is no fee for the use of Trial Vouchers.
•
Single Site Vouchers
o Pay As You Go – a credit card is held on file and charged when a Voucher is issued.
o Bulk deposit – a deposit into the account is made and debited to the value of the Voucher when a
Voucher is issued.
o Unlimited license contract – for an annual fee, the Partner can issue an unlimited number of Vouchers.
Some restrictions may apply.
o Monthly invoicing – the Partner is invoiced monthly for number of Vouchers issued.
•
Supervouchers
o Unlimited license contract – for an annual fee, the Partner can issue an unlimited number of Vouchers.
Some restrictions may apply.
o Monthly invoicing – the Partner is invoiced monthly for number of Vouchers issued.
14
OBTAINING A ONECLICKSSL SINGLE SITE VOUCHER
For Vouchers provisioned by Partners:
The above diagram shows the concept of a Voucher being applied for via a Partner to GlobalSign either by GCC or by API.
The provisioned Voucher is then redeemed at the Control Panel or Server plug-in level.
INITIATE A CERT-INVITE
This method is significantly simplified and requires you to enter only the contact details of the customer. It does not
require you to enter their company information or CSR. When you create a Cert-Invite, GlobalSign will generate a unique
code specific to the order and give you a PIN. We then send an email to the customer containing a link. You must
communicate the PIN to the end user yourself – typically we would suggest doing this once you have r eceived payment
from your customer.
You may only create Cert-Invites if you have funds deposited into your account (see section on Payment
Options – Bulk Orders / Depositing Funds into Account > Add Bulk Order / Add Deposit).
1.
Make sure you are on the SSL Certificates tab. Click New Cert Invite in the left menu.
2.
On the Certificate Application page specify the order details:
a. In Products, select the SSL Certificate type – AlphaSSL, DomainSSL, OrganizationSSL or ExtendedSSL.
b. Specify if the SSL Certificate is to have any wildcard, public IP or Subject Alternative Name (SAN) options.
c. Specify the validity period – 1-5 years for DomainSSL and OrganizationSSL and 1-2 years for ExtendedSSL.
d. Specify if you are switching from a competitor or renewing the certificate
15
3.
On the New Cert-Invite page specify the Cert-invite recipient details. These are the details of the customer who
will be emailed an invitation to complete the SSL Certificate application process. Make sure the customer’s email
address is in the Destination Email Address field.
4.
Next you will be asked to confirm the application details you provided and review GlobalSign’s Subscriber
Agreement.
5.
Click Complete and you will be presented with the PIN associated with that Cert-Invite application. Make sure
your customer is given this to be able to proceed with the application.
MANAGING EXISTING CUSTOMERS: SSL CERTIFICATE APPLICATIONS
VIEWING OUTSTANDING & COMPLETED ORDERS
1.
2.
Click Search Order history in the left menu of the SSL Certificates tab to run reports or search for specific orders.
Click Advanced Search to search both SSL and MSSL Certificates (for MSSL users only).
For Cert-Invite applications go to Search Certificate Invites in the SSL Certificate section. This page allows you to search for
Cert-Invites given certain criteria.
CANCELLING A CERT-INVITE PIN
If you wish to cancel a Cert-Invite PIN click Search Certificate Invites and search for the order. Click the Edit button nex t to
appropriate Cer t-Invite application and change the PIN Status from Unused to Void. Click the Confirm button and then the
Complete button to commit the change. Note: Once a Cert-Invite PIN is voided it cannot be reactivated. You will not be
charged for voiding any Cert-Invite PINs.
CANCELLING AN ORDER
If you wish to cancel a completed order you may do so automatically within the 7 day refund period. Depending on how
you paid for the certificate, cancelled orders automatically refund the appropriate amount of credit to deposit accounts,
directly refund credit cards or cancel outstanding invoices. To cancel an order:
1.
2.
3.
4.
Click Search Order History in the SSL Certificate section.
Search for the appropriate order and click the Edit button.
Click the Cancel Order button at the very top or very button of your screen.
Review the order details to verify the order is the correct application to cancel, scroll to the bottom of the page
and click the Confirm button.
16
RESENDING AN APPROVER EMAIL
If your customer has not received the Approver Email or has deleted / spam filtered the email by mistake, you can
automatically resend the Approver Email.
1.
2.
3.
4.
Click Search Order History under SSL Certificates.
Search for the appropriate order and click the Edit button.
Click the Resend Approval Mail button located at the very top and very bottom of the screen.
Confirm that the Approval Email address is correct and click the Resend button.
If your customer cannot receive the approver email at the address selected during the application, contact
GlobalSign Support.
REISSUING AN SSL CERTIFICATE
If your customer needs a certificate reissued because they have deleted or lost their certificate and corresponding Private
Key, you can reissue any issued certificates directly.
1.
2.
3.
4.
Click Search Order History under SSL Certificates.
Search for the appropriate order and click the Edit button.
Click the Reissue button located at the very top or very bottom of the page.
You will be prompted for a new Certificate Signing Request. Note: the r eissued certificate will only be valid for the
period remaining on the initial certificate.
RENEWING AN SSL CERTIFICATE
GlobalSign will begin sending Renewal Notices 90 days prior to the expiration of the certificate. W e will send the notices to
the contact associated with the order – which by default will be one of the Users associated with the Partner account, or if
specified during the application, the end customers themselves.
For added convenience, cer tificates within the renewal range (90 days prior to expiration) will be listed on the home screen
of the SSL Certificates tab in the Upcoming Renewals section. Simply click the Renew button nex t to the appropriate order
to begin the renewal process.
If you renew a customer’s certificate before it expires, we will add any remaining time onto the new
certificate and give you the option of an extra 30 days free.
REVOKING AN SSL OR CLIENT CERTIFICATE
Revocation should only be used when key material (private key) has been compromised and the identity of the certificate
holder could be stolen. Lost certificates need not be revoked. Revocation will add the serial number of the certificate to
the GlobalSign Certificate Revocation Lists (CRLs), and such lists are downloaded by browsers and applications to warn users
about the revocation of the certificate if they encounter it – for example, a signed email or document, or a https session
with a website.
Revoking a certificate cannot be undone. Speak to GlobalSign for advice if you are unsure.
17
•
To revoke an SSL Certificate, log into your Partner account, locate the order via the Order History, click Edit, and
click Revoke.
•
To revoke a Client Certificate you must contact GlobalSign. Partners are not permitted to directly revoke Client
Certificates. GlobalSign will need to ascertain the reason for revocation with the end customer directly and
document their confirmed approval to revoke.
ORDERING CLIENT CERTIFICATES
Partners have two methods of ordering Client Certificates through their GCC account – the Partner completes the
application on behalf of the customer, or the customer completes his/her own application.
Make sure that you are in the Client Certificates section by clicking the Code Signing, PersonalSign, PDF Signing for Adobe
CDS tab on your GCC landing page:
Before placing an order, or allowing your customers to place an order, please be familiar with the ordering process as
detailed below:
18
1A) METHOD – ALLOWING CUSTOMERS TO ORDER DIRECTLY
This method allows your customers to place an order through your Account directly via a unique ordering URL. They do not
need login access and may only complete the web ordering forms. Partners must then authorize the order prior to
GlobalSign initiating vetting of the order, and ultimately releasing the issued certificate to the customer.
1.
Share the Customer Ordering URL with your customers, either directly or hooked into your web pages. You can
obtain your unique URL by clicking on Customer Ordering URL within the Client Cer tificates section of your GCC
account (located on the Code Signing, PersonalSign, PDF Signing for Adobe CDS tab).
19
A brief explanation of usage and the actual URL will be displayed:
When a customer clicks on the Ordering URL they will enter the below application process:
1.
On the certificate type selection page select the Client Certificate type – PersonalSign, Code Signing or PDF Signing
Certificate.
2.
They will then enter the application flow the specific product type. For this example we will follow the application
flow for Code Signing:
a. Select the validity period, 1-3 years. No pricing will be displayed unlike when you apply on their behalf.
b. Select if the customer has an externally generated CSR. This is very rare and in most cases, they should
leave this blank. Please note this option is only available when ordering Code Signing for Multi-platforms.
c. Select if the customer wishes to use the PKCS#12 option. This option tells GlobalSign to generate the
cryptographic key pair on the customer’s behalf. This avoids having to use the browser to generate the
key pair later in the process, or if your customer is having browser issues.
3.
Enter the Certificate Identity Details. These details will be vetted. They must be the Subscriber’s (end customer to
whom GlobalSign issues the certificate). This is the information that will be included in the Certificate.
a. Complete the identity details.
b. Remember the pickup passw ord. If the password is lost or forgotten, the application must be made again
from the beginning.
4.
Enter the Subscriber Details. The Subscriber is the person or organization to which the certificate will be issued.
These details will be needed for vetting and possibly authorization purposes.
5.
Confirm the application details and review the Subscriber Agreement.
You, as the Partner, will be alerted via email when a new order has been placed. You must now complete the following:
1.
2.
Log into your GCC account and go to the Code Signing, PersonalSign, PDF Signing for Adobe CDS tab.
Click on Pending Approvals.
20
3.
Select the order, choose to Approve or Reject.
a. If you reject, the application will be cancelled.
b. If you accept, you will be taken to the payment selection method.
4.
Choose your payment method:
a.
Deposit – the fee for the c ertificate will be deducted from your Deposit balance (see the Payment Options
– Bulk Orders / Depositing Funds into Account section of this Quick Start Guide).
Alternatively you may use one of the Pay As You Go payment methods (see the Payment Options – Pay As You Go
section of this Quick Start Guide):
a.
Bank Transfer
i. Payment in Advance: Select for an invoice to automatically appear in the Accounting / Billing >
View / Request Invoices section that can be printed and submitted to your purchasing
department. GlobalSign will only issue the certificate once the funds are transferred by your
purchasing department directly to the GlobalSign bank account.
ii. Payment in Arrears: Select to request the deposit amount funds are settled within the standard
payment terms. At the end of the calendar month an invoice will automatically appear in the
Accounting / Billing > View / Request Invoices section. Once you have settled the invoice your
credit limit will return to the previous limit level.
b.
Credit Card – you will be asked to provide credit card details to be charged before the c ertificate can be
issued. The credit card is charged automatically at the point of issuance.
Note: depending on your territory and account type, not all payment types will be available.
1B) METHOD - ORDERING ON BEHALF OF A CUSTOMER
This method requires the Partner to complete the required web forms on behalf of the customer.
1.
While on the Code Signing, PersonalSign, PDF Signing for Adobe CDS tab, click New Certificate in the Client
Certificates section of the left navigation menu.
21
2.
On the Certificate Type selection page select the Client Certificate type – PersonalSign, Code Signing or PDF Signing
Certificate.
3.
You will then enter the application flow the specific product type. For this example we will follow the application
flow for Code Signing:
a. Select the validity period, 1-3 years.
b. If you have any promotional codes from GlobalSign, enter them here.
c. Select if the customer has provided you with an externally generated CSR. This is very rare and in most
cases, you should leave this blank. Please note this option is only available when ordering Code Signing
for Multi-platforms.
d. Select if you wish to use the PKCS#12 option. This option tells GlobalSign to generate the cryptographic
key pair on your customer’s behalf. This avoids having to use the browser to generate the key pair later in
the process, or if your customer is having browser issues.
4.
Enter the Certificate Identity Details. These details will be vetted. They must be the Subscriber’s (end customer to
whom GlobalSign issues the certificate). This is the information that will be included in the Certificate.
a. Complete the identity details.
b. Remember the pickup password. This must be communicated by the Partner to the Subscriber out of
bands (i.e. GlobalSign will never communicate this password to anyone, Partner or Subscriber). If the
password is lost or forgotten, the application must be made again from the beginning.
5.
Enter the Subscriber Details. The Subscriber is the person or organization to which the certificate will be issued.
These details will be needed for vetting and possibly authorization purposes.
6.
Choose your payment method:
a.
Deposit – the fee for the c ertificate will be deducted from your Deposit balance (see the Payment Options
– Bulk Orders / Depositing Funds into Account section of this Quick Start Guide).
Alternatively you may use one of the Pay As You Go payment methods (see the Payment Options – Pay As You Go
section of this Quick Start Guide):
b.
Bank Transfer
i. Payment in Advance: Select for an invoice to automatically appear in the Accounting / Billing >
View / Request Invoices section that can be printed and submitted to your purchasing
department. GlobalSign will only issue the certificate once the funds are transferred by your
purchasing department directly to the GlobalSign bank account.
ii. Payment in Arrears: Select to request the deposit amount funds are settled within the standard
payment terms. At the end of the calendar month an invoice will automatically appear in the
Accounting / Billing > View / Request Invoices section. Once you have settled the invoice your
credit limit will return to the previous limit level.
c.
Credit Card – you will be asked to provide credit card details to be charged before the c ertificate can be
issued. The credit card is charged automatically at the point of issuance.
22
Note: depending on your territory and account type, not all payment types will be available.
7.
Confirm the application details. The customer’s email address you included in the application will receive an email
the application has been placed.
8.
Once the information included in the application has been verified by our Vetting Team, an email will be sent to
the email address you included in the application with instructions for picking up the certificate.
ESSENTIAL WORKFLOW POINTS TO NOTE
•
If an email address has been entered into the Cer tificate Identity Details section, GlobalSign will send an Approval
Email to the email address entered. Unless the Applicant approves the order, the order will not be processed.
Clicking the link in the email will open an Approve Application web page containing an Approve or Reject button:
•
If the Client Certificate requires vetting, such as PersonalSign 2, PersonalSign 2 Pro, PersonalSign 2 Department,
Code Signing or any of the PDF Signing Certificate products, the certificate will not be released for pickup until
vetting is complete. GlobalSign will automatically send a Pickup Email to the Subscriber when the certificate
application has been vetted.
•
The certificate is issued when the certificate pickup link, contained within the Pickup Email is followed, and the
Pickup Password is entered into the page.
23
MANAGING EXISTING CUSTOMERS: CLIENT CERTIFICATE APPLICATIONS
VIEWING OUTSTANDING & COMPLETED ORDERS
While on the Code Signing, PersonalSign, PDF Signing for Adobe CDS tab in your GCC account, click Search Order History
to open the search function for viewing all certificate applications. Click advanced search to select the filters you want to
use (e.g., Use the Order Status “Issue Completed” to view all completed and issued orders.)
CANCELLING AN ORDER
If you wish to cancel a completed order you may do so automatically within the 7 day refund period. Depending on how
you paid for the certificate, cancelled orders automatically refund the appropriate amount of credit to deposit accounts,
directly refund credit cards or cancel outstanding invoices. To cancel an order:
1.
2.
3.
4.
While on the Code Signing, PersonalSign, PDF Signing for Adobe CDS tab in your GCC account, click Search Order
History.
Search for the appropriate order and click the Edit button.
Click the Cancellation Request button located at both the very top and very bottom of the Certificate Edit screen.
Check the order is the correct application to cancel, scroll to the bottom of the page and click the Confirm button.
RESENDING AN APPROVER EMAIL FOR APPROPRIATE CLIENT CERTIFICATES
If your customer has not received the Approver Email or has deleted / spam filtered the email by mistake, you can
automatically resend the Approver Email.
1.
2.
3.
4.
While on the Code Signing, PersonalSign, PDF Signing for Adobe CDS t ab in your GCC account, click Order History
under Reporting.
Search for the appropriate order and click the Edit button.
Click the Resend Approval Mail button located at both the very top and very bottom of the Certificate Edit screen.
Check the order is the correct application to resend the Approver email, scroll to the bottom of the page again and
click the Complete button.
24
If your customer cannot receive the approver email at the address selected during the application, contact
GlobalSign Support.
REISSUING A CLIENT CERTIFICATE
If your customer needs a certificate reissued because they have deleted or lost their certificate and corresponding Private
Key, you can initiate a reissue for any issued certificates directly.
1.
2.
3.
4.
While on the Code Signing, PersonalSign, PDF Signing for Adobe CDS tab in your GCC account, click Order History
under Reporting.
Search for the appropriate order and click the Edit button.
Click the Reissue button located at the very top and very bottom of the Certificate Edit screen.
A new pickup link will be sent to the Subscriber.
RENEWING A CLIENT CERTIFICATE
GlobalSign will begin sending Renewal Notices 90 days prior to the expiration of the certificate. W e will send the notices to
the contact associated with the order – which by default will be one of the Users associated with the Partner account, or if
specified during the application, the end customer themselves.
For added convenience, certificates within the renewal range (90 days prior to expiration) will be listed on the home screen
of the Code Signing, PersonalSign, PDF Signing for CDS tab. Simply click the Renew button next to the appropriate order to
begin the renewal process. You can also renew certificates by going to Order History under the Reporting section,
searching for the appropriate order, and clicking on the Renew button.
If you renew a customer’s certificate before it expires, we will add any remaining time onto the new
certificate and give you the option of an extra 30 days free.
ACCOUNT WIDE FUNCTIONS
CREATING / MANAGING USERS
USER ROLES
You may add additional Users to your GCC account. Depending on their privileges newly created Users may place new
certificate orders, add Deposit funds, or perform reporting. Users are defined in roles:
•
Account Administrator: Users who are the top level account owner can see all menus, perform all functions and
have the ability to create new Managers and Staff in Charge.
•
Manager: Users who have their administration rights defined by the Account Administrator and can create Staff in
Charge.
•
Staff in Charge: Users who have their administration rights defined by the Account Administrator or the Manager.
Unlike Account Administrators and Managers, Staff in Charge cannot create additional Users.
25
CREATING NEW USERS AND UNDERSTANDING USER ADMINISTRATION RIGHTS
To add a new User click Manage Users under Account & Finance. Click New Registration. Complete the details of the new
User and select their role by selecting either Manager or Staff in Charge in the User Permissions. Set their privileges as
follows:
•
Certificate Approval Permission
o Select “Yes” if you wish the User to be able to place orders that do not need approval and approve
certificate orders placed by other Users who do not have Certificate Approval Permission.
o Select “No” if the User should not have approval permission, nor should be allowed to place certificate
orders without the order being approved. Certificate orders that are placed by Users who do not have
Certificate Approval Permission will be placed into the Pending Approvals section.
Note: all users can place orders; only users with Certificate Approval Permission can place orders that do not
need to be approved by users with Certificate Approval Permission.
•
Deposit Purchase Authority
o Select “yes” if you wish the User to be able to deposit funds into the account.
o Select “no” if you do not wish the User to be able to deposit funds into the account.
GLOBALSIGN SSL API
Contact your Account Manager for further details on how to use the GlobalSign SSL APIs and web services. The XML based
API allows you to place orders and reports on issued certificates. The API may be integrated into websites, control panels
and third party web services and replaces the need for partners to conduct all SSL reselling through GCC. The AJAX API
allows you to run a web based app to automate the application of SSL Certificates.
CREATING SECOND TIER SUB-RESELLERS
GlobalSign Partners can create and manage their own set of second tier sub-resellers (SSL only) – allowing a multi-level
reseller chain. You can sign up, set pricing, manage and report on your own sub-resellers – giving them all the benefits you
enjoy through partnering with GlobalSign. For further details on creating Sub-Resellers, contact your Account Manager.
GETTING HELP
Every GlobalSign Partner has a dedicated Account Manager who is on hand to help with any commercial and technical
queries you may have about reselling SSL. GlobalSign also provides technical support through our Client Service
departments around the world. www.globalsign.com/support
GlobalSign Americas
Tel : 1-877-775-4562
www.gl obalsign.com
s a [email protected]
GlobalSign EU
Tel : +32 16 891900
www.gl obalsign.eu
s a [email protected]
GlobalSign UK
Tel : +44 1622 766766
www.gl obalsign.co.uk
s a [email protected]
GlobalSign FR
Tel : +33 1 82 88 01 24
www.gl obalsign.fr
[email protected]
GlobalSign DE
Tel : +49 30 8878 9310
www.gl obalsign.de
verka [email protected]
GlobalSign NL
Tel : +31 20 8908021
www.gl obalsign.nl
[email protected]
26
Related documents
CASH FLOW FORECASTING USER MANUAL
CASH FLOW FORECASTING USER MANUAL
MSSL user guide
MSSL user guide
Partner User Manual
Partner User Manual
US Robotics USR5420 Troubleshooting guide
US Robotics USR5420 Troubleshooting guide
EPKI User Manual
EPKI User Manual
Installer VISE User`s Guide
Installer VISE User`s Guide
RTR-61 What is RTR-61?
RTR-61 What is RTR-61?
Ref. A-6
Ref. A-6
Installation and User manual Probas Webservice Frontend
Installation and User manual Probas Webservice Frontend
IEye Captain User`s Manual
IEye Captain User`s Manual
iEye Captain User`s Manual
iEye Captain User`s Manual
Care, Use and Installation booklet
Care, Use and Installation booklet
9” Core Tablet Instruction Manual
9” Core Tablet Instruction Manual
PowerDNS for WHMCS
PowerDNS for WHMCS
SCIMPI User Manual - Transcend Engineering
SCIMPI User Manual - Transcend Engineering
NDOT CDA User`s Manual - Nevada Department of Transportation
NDOT CDA User`s Manual - Nevada Department of Transportation
Summary Instalment Orders Supervisors OASIS3 User Manual
Summary Instalment Orders Supervisors OASIS3 User Manual
Website Posting Guidelines
Website Posting Guidelines